@Zabbix配置snmptrap及使用snmptt解析格式化输出

若如初梘 2022-05-02 阅读 51

文章目录


在这里插入图片描述

1. snmptrap与snmptt工作关系

2. snmptrap安装部署

#安装net-snmp组件
[root@Server ~]# yum install -y net-snmp net-snmp-utils net-snmp-perl 




#调整配置snmp trap
[root@Server ~]# egrep '^[^#]' /etc/snmp/snmptrapd.conf
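#注意:public是默认团体名,且此处未限制来源地址;生产环境建议改用自定义团体名,并在团体名后追加允许的来源地址或网段(语法:authCommunity TYPES COMMUNITY [SOURCE]),或改用SNMPv3
authCommunity log,execute,net public          #指定认证的团体名及允许的处理方式(log:记录日志,execute:执行处理程序,net:转发)
#traphandle default /usr/sbin/snmptthandler   #配置snmptt接收器,默认配置,可以指定接收器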



#启动snmptrap
[root@Server ~]# systemctl enable snmptrapd   #加入开机自启
[root@Server ~]# systemctl start snmptrapd    #启动snmptrap





#查看snmptrap状态(数据获取需要等待较长时间,这个时候可以喝喝茶)
[root@Server ~]# systemctl status snmptrapd.service 
● snmptrapd.service - Simple Network Management Protocol (SNMP) Trap Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmptrapd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-04-22 14:51:58 CST; 1 weeks 3 days ago
 Main PID: 1404 (snmptrapd)
   CGroup: /system.slice/snmptrapd.service
           └─1404 /usr/sbin/snmptrapd -Lsd -f -O n

Apr 24 22:29:22 zabbix01 snmptrapd[1404]: 2022-04-24 22:29:12 <UNKNOWN> [UDP: [10.21.25.222]:55665->[10.240.0.79]:162]:
                                          .1.3.6.1.2.1.1.3.0 = Timeticks: (333667130) 38 days, 14:51:11.30        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.2.1 = INTEG...
Apr 24 22:35:15 zabbix01 snmptrapd[1404]: 2022-04-24 22:35:05 <UNKNOWN> [UDP: [10.21.25.222]:55665->[10.240.0.79]:162]:
                                          .1.3.6.1.2.1.1.3.0 = Timeticks: (333702414) 38 days, 14:57:04.14        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.1.1 = INTEG...
Apr 24 22:37:32 zabbix01 snmptrapd[1404]: 2022-04-24 22:37:22 <UNKNOWN> [UDP: [10.21.25.222]:55665->[10.240.0.79]:162]:
                                          .1.3.6.1.2.1.1.3.0 = Timeticks: (333716156) 38 days, 14:59:21.56        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.1.1 = INTEG...
Apr 24 22:57:12 zabbix01 snmptrapd[1404]: 2022-04-24 22:57:02 <UNKNOWN> [UDP: [10.21.25.222]:55665->[10.240.0.79]:162]:
                                          .1.3.6.1.2.1.1.3.0 = Timeticks: (333834122) 38 days, 15:19:01.22        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.1.1 = INTEG...
Apr 24 23:17:24 zabbix01 snmptrapd[1404]: 2022-04-24 23:17:14 <UNKNOWN> [UDP: [10.21.25.222]:55665->[10.240.0.79]:162]:
                                          .1.3.6.1.2.1.1.3.0 = Timeticks: (333955332) 38 days, 15:39:13.32        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.1.1 = INTEG...
Apr 24 23:34:49 zabbix01 snmptrapd[1404]: 2022-04-24 23:34:39 <UNKNOWN> [UDP: [10.21.25.222]:55665->[10.240.0.79]:162]:
                                          .1.3.6.1.2.1.1.3.0 = Timeticks: (334059816) 38 days, 15:56:38.16        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.1.1 = INTEG...
Apr 24 23:45:30 zabbix01 snmptrapd[1404]: 2022-04-24 23:45:20 <UNKNOWN> [UDP: [10.21.25.222]:55665->[10.240.0.79]:162]:
                                          .1.3.6.1.2.1.1.3.0 = Timeticks: (334123944) 38 days, 16:07:19.44        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.1.1 = INTEG...
Apr 25 12:00:08 zabbix01 snmptrapd[1404]: 2022-04-25 11:59:58 <UNKNOWN> [UDP: [10.21.25.222]:55665->[10.240.0.79]:162]:
                                          .1.3.6.1.2.1.1.3.0 = Timeticks: (338531845) 39 days, 4:21:58.45        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.1.1 = INTEGE...
Apr 26 12:00:07 zabbix01 snmptrapd[1404]: 2022-04-26 11:59:57 <UNKNOWN> [UDP: [10.21.25.222]:55665->[10.240.0.79]:162]:
                                          .1.3.6.1.2.1.1.3.0 = Timeticks: (347171790) 40 days, 4:21:57.90        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.1.1 = INTEGE...
Apr 26 23:00:05 zabbix01 snmptrapd[1404]: 2022-04-26 22:59:55 <UNKNOWN> [UDP: [10.21.25.222]:55665->[10.240.0.79]:162]:
                                          .1.3.6.1.2.1.1.3.0 = Timeticks: (351131726) 40 days, 15:21:57.26        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.1.1 = INTEG...
Hint: Some lines were ellipsized, use -l to show in full.



#日志查看
[root@Server ~]# tail -f /var/log/messages

3. 网络设备配置snmptrap

4. snmptt安装部署

#安装epel源(第二条命令的URL在原文中被截断;手动安装rpm时建议使用https地址并校验GPG签名)
[root@Server ~]# yum -y install epel-release
[root@Server ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel


#安装snmptt
[root@Server ~]# yum -y install snmptt perl-Sys-Syslog


#snmptt配置修改
[root@Server ~]# vim /etc/snmp/snmptt.ini
date_time_format=  %Y/%m/%d %H:%M:%S      #配置snmptt日志时间格式  

mode = daemon                             #snmptt运行模式

net_snmp_perl_enable = 1
translate_log_trap_oid = 2                #0:显示数字OID,1:显示OID名称,2:显示OID模块名称和其名称
log_file = /var/log/snmptt/snmptt.log     #指定传输的日志文件

snmptt_conf_files = <<END
/etc/snmp/snmptt.conf         #默认格式化日志配置文件
/etc/snmp/cisco.conf          #添加其他的格式化trap日志的配置文件
END




#自定义snmptrap格式化规则
[root@Server ~]# vim /etc/snmp/snmptt.conf 
# 默认规则,没有其他规则匹配上时,所有trap信息都按此规则处理
EVENT general .* "General event" Normal
FORMAT ZBXTRAP $aA $1


#匹配login规则
EVENT tcpConnectionClose .1.3.6.1.4.1.9.0.1 "Status Events" Normal
FORMAT ZBXTRAP $aA tty trap signifies that a TCP connection, $6 LOGIN
SDESC
A tty trap signifies that a TCP connection,
previously established with the sending
protocol entity for the purposes of a tty
session, has been terminated.
Variables:
  1: tslineSesType
  2: tcpConnState
  3: loctcpConnElapsed
  4: loctcpConnInBytes
  5: loctcpConnOutBytes
  6: tsLineUser
EDESC


#匹配Linkdown的规则
EVENT LinkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Warning
FORMAT ZBXTRAP $aA LinkDown on interface $4.  Admin state: $2.  Operational state: $3

#匹配Linkup的规则
EVENT LinkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
FORMAT ZBXTRAP $aA Linkup on interface $4.  Admin state: $2.  Operational state: $3



#启动snmptt
[root@Server ~]# systemctl enable snmptt.service
[root@Server ~]# systemctl start snmptt.service



#查看状态
[root@Server ~]# systemctl status snmptt.service 
● snmptt.service - SNMP Trap Translator (SNMPTT)
   Loaded: loaded (/usr/lib/systemd/system/snmptt.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-04-24 14:27:28 CST; 1 weeks 1 days ago
  Process: 10019 ExecStart=/usr/sbin/snmptt --daemon (code=exited, status=0/SUCCESS)
 Main PID: 10023 (snmptt)
   CGroup: /system.slice/snmptt.service
           ├─10022 /usr/bin/perl /usr/sbin/snmptt --daemon
           └─10023 /usr/bin/perl /usr/sbin/snmptt --daemon

Apr 24 22:29:35 zabbix01 snmptt[10023]: SNMPv2-SMI::enterprises.9.0.1 Normal "Status Events" UNKNOWN - ZBXTRAP 10.21.25.222 tty trap signifies that a TCP connection,  LOGIN
Apr 24 22:35:25 zabbix01 snmptt[10023]: SNMPv2-SMI::enterprises.9.0.1 Normal "Status Events" UNKNOWN - ZBXTRAP 10.21.25.222 tty trap signifies that a TCP connection,  LOGIN
Apr 24 22:37:45 zabbix01 snmptt[10023]: SNMPv2-SMI::enterprises.9.0.1 Normal "Status Events" UNKNOWN - ZBXTRAP 10.21.25.222 tty trap signifies that a TCP connection,  LOGIN
Apr 24 22:57:25 zabbix01 snmptt[10023]: SNMPv2-SMI::enterprises.9.0.1 Normal "Status Events" UNKNOWN - ZBXTRAP 10.21.25.222 tty trap signifies that a TCP connection,  LOGIN
Apr 24 23:17:35 zabbix01 snmptt[10023]: SNMPv2-SMI::enterprises.9.0.1 Normal "Status Events" UNKNOWN - ZBXTRAP 10.21.25.222 tty trap signifies that a TCP connection,  LOGIN
Apr 24 23:35:00 zabbix01 snmptt[10023]: SNMPv2-SMI::enterprises.9.0.1 Normal "Status Events" UNKNOWN - ZBXTRAP 10.21.25.222 tty trap signifies that a TCP connection,  LOGIN
Apr 24 23:45:40 zabbix01 snmptt[10023]: SNMPv2-SMI::enterprises.9.0.1 Normal "Status Events" UNKNOWN - ZBXTRAP 10.21.25.222 tty trap signifies that a TCP connection,  LOGIN
Apr 25 12:00:23 zabbix01 snmptt[10023]: SNMPv2-SMI::enterprises.9.0.1 Normal "Status Events" UNKNOWN - ZBXTRAP 10.21.25.222 tty trap signifies that a TCP connection,  LOGIN
Apr 26 12:00:18 zabbix01 snmptt[10023]: SNMPv2-SMI::enterprises.9.0.1 Normal "Status Events" UNKNOWN - ZBXTRAP 10.21.25.222 tty trap signifies that a TCP connection,  LOGIN
Apr 26 23:00:20 zabbix01 snmptt[10023]: SNMPv2-SMI::enterprises.9.0.1 Normal "Status Events" UNKNOWN - ZBXTRAP 10.21.25.222 tty trap signifies that a TCP connection,  LOGIN



#配置权限:将日志文件的属主和属组改为snmptt(若日志文件不存在,需先手动创建);运行zabbix server的用户需要能读取该文件,日志文件本身不需要可执行权限
[root@Server ~]#  chown snmptt.snmptt /var/log/snmptt/snmptt.log
[root@Server ~]#  ll  /var/log/snmptt/snmptt.log
-rwxr--r-- 1 snmptt snmptt 0 May  1 03:16 /var/log/snmptt/snmptt.log

5. Zabbix server配置

[root@Server ~]#  vim /etc/zabbix/zabbix_server.conf
StartSNMPTrapper=1                             #开启SNMPTrapper功能
SNMPTrapperFile=/var/log/snmptt/snmptt.log     #指定trap获取的日志文件



#重启zabbix server
[root@Server ~]# systemctl restart zabbix-server

6. zabbix web配置

在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

7. snmptrap文档
